In cloud networks, virtual machines are software-implemented abstractions of the underlying hardware. A virtual machine (VM) is a software implementation of a machine (i.e. a computer) that executes programs like a physical machine.
The hardware, or physical resources, of nodes in a telecommunications network may be implemented as virtual machines.
Cloud-based telecommunications are voice and data communications in which telecommunication applications, e.g. switching and storage, are hosted by virtual machines.
Cloud communications providers deliver voice and data communications applications and services, hosting them on servers that the providers own and maintain, giving their customers access to the “cloud.” "Cloud services" is a broad term, referring primarily to data-centre-hosted services that are run and accessed over e.g. Internet infrastructure.
A cloud infrastructure providing telecommunication services shall comply with regulatory requirements by providing lawful interception service to the authorities and by doing it with a security level equivalent to legacy telecommunication networks.
A main difference, as well as one of the fundamental benefits, of a cloud-based telecommunication service is that the applications providing such a service are dynamically allocated as Virtual Machines (VMs) over the available physical resources, e.g. computing Central Processing Unit hardware resources (CPU HW), network resources (NW) and disk server resources (disk). Such VMs can be quickly created, cloned and destroyed, and can also be live-migrated to physically remote infrastructure along with the related data.
For example, in Lawful Interception the IAP (Interception Access Point) function is part of the virtualized application; the IAP therefore follows the application's lifecycle and its live motion over the geographically distributed cloud infrastructure.
Maintaining logs of LI (Lawful Interception) related activities is mandatory, both for investigation following a security incident and to be able to confirm at a court trial that the interception has been correctly executed according to the requested warrant and that the result is reliable and has not been manipulated. The related security requirements are clearly stated in the main LI standards, such as 3GPP TS 33.108, 3GPP TS 33.107 and ETSI 102 661.
The dynamic nature of virtual application location and of the creation/destruction/migration lifecycle in a cloud deployment introduces several problems for LI logging activity. Assume the following two cases:
1. Two subsequent intercepted sessions for the same subscriber can be executed by different virtual machines, possibly located on different physical resources (deployed in the same or in different countries).
2. An intercepted session can be moved, along with the live motion of the hosting virtual machine, to another cloud and physical resource (in the same or a different country).
One problem is that in both cases the LI events will be reported from the same IAP identity (e.g. IP (Internet Protocol) address or Network Element Identity (NEID)) in a node of a telecommunications network, but the LI events could actually have been performed at a different location, even distributed over different countries. This could invalidate part of the interception or, in the best case, could require applying a different regulation to information intercepted in one country compared to information intercepted in the other (e.g. subscriber location information might not be allowed to be intercepted in one of the two countries).
In order to differentiate the interception policy according to regulation, it is therefore fundamental to know resource identification information that identifies the physical resources allocated to a virtual network element hosted by a virtual machine that manages the intercepted sessions. Such resource identification information is not available in the virtual network element or in the corresponding virtual machine.
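The following is an added illustration, not code from the original text, of why the virtual IAP identity alone is insufficient for LI audit logging: it runs over constructed LI event records that carry a hypothetical physical-host and country field alongside the reported IAP identity, detects identities whose events were executed on more than one physical resource (the two cases above), and applies a hypothetical per-country policy to flag fields (such as subscriber location) intercepted where regulation does not permit them.

```python
from dataclasses import dataclass

# Constructed sample LI audit record (not from any real deployment). The
# physical_host and country fields are the assumed resource identification
# information that the virtual network element itself does not hold.
@dataclass(frozen=True)
class LiEvent:
    warrant_id: str
    session_id: str
    iap_id: str          # identity reported by the virtual IAP (IP or NEID)
    physical_host: str   # hypothetical id of the hardware running the VM
    country: str         # hypothetical country code of that host
    intercepted_fields: frozenset

# Hypothetical per-country policy: which intercepted fields are permitted.
POLICY = {
    "AA": frozenset({"content", "signalling", "location"}),
    "BB": frozenset({"content", "signalling"}),  # location not permitted
}

def policy_violations(events):
    """Return (warrant_id, session_id, field) for every field intercepted
    on a host in a country whose policy does not permit that field."""
    out = []
    for e in events:
        allowed = POLICY.get(e.country, frozenset())
        for field in sorted(e.intercepted_fields - allowed):
            out.append((e.warrant_id, e.session_id, field))
    return out

def split_identity_events(events):
    """Map each IAP identity to the sorted list of (host, country) pairs it
    reported from, keeping only identities seen on more than one host."""
    by_iap = {}
    for e in events:
        by_iap.setdefault(e.iap_id, set()).add((e.physical_host, e.country))
    return {iap: sorted(hosts) for iap, hosts in by_iap.items() if len(hosts) > 1}

# Constructed events: the same IAP identity serves sessions S-1 and S-2 from
# two different hosts in two countries (case 1 or case 2 in the text).
SAMPLE = [
    LiEvent("W-1", "S-1", "10.0.0.5", "host-a1", "AA", frozenset({"content", "location"})),
    LiEvent("W-1", "S-2", "10.0.0.5", "host-b7", "BB", frozenset({"content", "location"})),
    LiEvent("W-2", "S-3", "10.0.0.9", "host-a1", "AA", frozenset({"signalling"})),
]

if __name__ == "__main__":
    print(split_identity_events(SAMPLE))
    print(policy_violations(SAMPLE))
```

Without the physical_host and country fields, both S-1 and S-2 would be logged under the single identity 10.0.0.5 and the location interception on host-b7 would go unnoticed.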